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(57) Abstract: A method of managing a wireless device (1), the method comprising installing a management agent program in a 
memory of the wireless device (1), the installed management agent monitoring the status of application programs installed on the de- 
vice. Management instructions are sent to the mobile device (1) from a Management Centre (5) using a wireless telecommunications 
network (2) and, following receipt of the management instructions at the device, the management agent processes the instructions 
and manages the applications accordingly. The management agent reports the results of the processing operation to the Management 
Centre (5) via the wireless telecommunications network (2). 
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Wireless Device Management 

The present invention relates to wireless device management and in particular to the 
remote management of wireless devices. 

5 

The last decade has seen a rapid growth in the number and use of mobile cellular 
telephones. More recently, wireless devices known as "communicators" have been 
introduced and combine the functionality of mobile telephones and Personal Digital 
Assistants (PDAs). It is expected that this area will undergo massive growth in the near 
10 future as new cellular telecommunication standards (e.g. GPRS, UMTS, WAP) make 
possible the high speed transfer of data across the wireless interface. 

The next generation of mobile telephones are likely to resemble a mini-computer rather 
than a telephone per se. Also, whilst to date cellular telephones have been very much 
15 manufacturer specific in terms of both hardware and software, future wireless devices 
are likely to be built on a much more open platform. This will allow the introduction 
into the devices of third party applications and will further fuel growth in much the 
same way as Microsoft Windows™ has done for personal computers. 

20 It is to be expected that much of the third party software which will be installable into 
wireless devices will be associated with a chargeable service and/or will require 
modification/updating etc after the initial installation. 

According to a first aspect of the present invention there is provided a method of 
25 managing a wireless device, the method comprising: 

installing a management agent program in a memory of the wireless device, the 
installed management agent monitoring the status of application programs installed on 
the device; 

sending management instructions to the mobile device using a 
30 telecommunications network; and 

receiving the management instructions at the device, the management agent 
processing the instructions and managing the applications accordingly. 
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The nature of mobile wireless devices (e.g. lacking input/output facilities such as disk 
drives) means that it is difficult or even impossible to install software applications after 
devices have been manufactured. Device manufacturers are also reluctant to allow 
device software to be modified by unauthorised third parties. The invention described 
5 here overcomes these problems by allowing device (software) architecture to be 
modified remotely by operators or authorised third parties. For example, a device may 
be supplied to a subscriber with a set of preloaded applications. These applications may 
be subsequently turned on or off be the sending of an appropriate management 
instruction from the operator's network to the device. This would avoid the need for a 
10 device to be returned to the manufacturer, or to an authorised dealer, merely to 
implement a software change. The management agent performs a centralised control 
role in the wireless device. 

In certain embodiments of the present invention, the management agent causes reports 
15 to be sent back to the origin of the management instructions following the processing of 
these instructions. For example, a report may contain confirmation that an application 
has been successfully turned on (installed) or off (uninstalled). These reports may be 
cryptographically signed. 

20 Preferably, the wireless device is operated by a subscriber to said telecommunications 
network, which network is a digital cellular telecommunications network. The network 
may be for example a GSM network or an evolution thereof such as GSM phase 2 
(including GPRS) or UMTS. 

25 Preferably, the application programs installed on the device may in an active or inactive 
state. A switch in the state of a given application may be achieved by sending an 
appropriate management instruction from the network to the device, whereupon the 
management agent acts on the instruction to implement said switch. 

30 Preferably, the step of sending management instructions to the mobile device comprises 
sending these instructions from a management centre of the telecommunications 
network. However, management instructions may alternatively 1 be sent from an 
authorised third party management centre. 
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In one embodiment of the invention, an anti-virus application program is installed in the 
wireless device and may be switched on or off by a management agent in response to a 
management instruction sent from the network to the device. 

5 

The management agent may control the installation of applications downloaded from 
the network to the wireless device. For example, these may be new applications 
requested by the user of the device. The management agent may control the 
modification of an application or of data associated with an application following the 
10 downloading of modifications from the network. 

The management agent may send monitored application status information to the 
telecommunications network. This may be used, for example, for the purpose of 
charging or to determine which updates should be sent to the device. 

15 

Said management instructions may be sent from the network to the mobile device using 
any appropriate bearer. For example, in a GSM (or UMTS) network instructions may 
be sent using the Short Message Service (SMS) or Unstructured Supplementary 
Services Data (USSD) messages. For larger data volumes, a connection oriented (e.g. 
20 circuit switched) or connectionless (packet switched) communication channel may be 
used. It is also possible that an SMS or USSD message may be sent from the network 
to the device to trigger the setting up of a connection for the transfer of a larger volume 
of data. 

25 Preferably, in order to ensure a secure connection on top of an open bearer service (such 
as SMS), management instructions are cryptographically signed. This signature can be 
used by a wireless device to authenticate the instructions. 

The management agent may be used to control and enforce policies on the wireless 
30 device. For example, these policies may include security policies including encryption, 
permitted connections, etc. Polices may be defined by the Management Centre. 
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According to a second aspect of the present invention there is provided a wireless 
device arranged to communicate with a telecommunication network, the device 
comprising: 

a memory storing a management agent program and one or more application 
5 programs; 

processing means for running the management agent to monitor the status of 
application programs installed on the device; and 

receiving means for receiving management instructions, sent from the network, 
and for passing these to the management agent, 
10 the management agent being arranged to process the instructions and manage the 

applications accordingly. 

The wireless device may be for example a mobile telephone, communicator, PDA, 
palmtop computer, or laptop computer. 

15 

For a better understanding of the present invention and in order to show how the same 
may be carried into effect reference will now be made by way of example to the 
accompanying drawings in which: 

Figure 1 illustrates schematically a management system for a wireless device; 
20 Figure 2 illustrates schematically the software architecture of a wireless device; and 

Figure 3 is a flow diagram illustrating a method of operation of the system of Figure 1. 

There is illustrated in Figure 1 a Public Land Mobile Network (PLMN) 1 which is the 
home network of a subscriber using a wireless device 2. The device 2 illustrated is a 
25 communicator type device. For the purpose of the following discussion, the PLMN 1 is 
assumed to be a GSM network. A second PLMN 3 is illustrated in the Figure, and this 
PLMN may represent a foreign or visited network for a roaming subscriber (using a 
wireless device 4) whose home network is also the PLMN 1. 

30 Within the PLMN 1, the network operator is provided with a Management Centre 5 
comprising a Management Server 6 and a Management Console 7. The Management 
Server 6 is connected to the communication backbone of the PLMN 1, e.g. to an MSC 
(not shown in the Figure). Via the Management Console 6 ? the operator is able to send 
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SMS messages and data to devices such as the devices 2,4, and receive the same from 
these devices. Policies such as access rights, application availability, security etc., are 
defined at the management centre for individual (or classes of) subscribers. 

5 The devices 2,4 each have a memory storage means into which a number of application 
programs are pre-loaded by the manufacturer or by the device supplier. These 
applications may comprise a phone application (used for making and controlling phone 
calls), a contacts database, a word processor, and one or more security applications such 
as an anti-virus application. The memory also contains a device operating system such 
1 0 as the EPOC, Windows CE™, PalmOS™, or Mobile Linux operating systems. 

The memories of the devices 2,4 are each additionally pre-loaded with a management 
agent program, the primary function of which is to allow for the remote control of the 
device resident applications (and for the installation, deletion, and updating of 

15 applications) from the Management Centre 5 of the network 1. The software 
architecture of the devices 2,4 is illustrated in Figure 2, from which it will be apparent 
that the management agent may issue commands through the operating system or 
directly to other applications installed in the device. The management agent may for 
example be able to delete or copy files by issuing operating system commands. The 

20 management agent performs a central control role in the mobile wireless device, and all 
requests, configurations, downloads, etc, are funnelled through the management agent. 

Consider now the situation where the operator of the PLMN 1 wishes to deactivate or 
activate an application resident in the memory of the wireless device 2. This action may 

25 follow, for example, a request received from the device user (e.g. in an SMS message or 
via a telephone call). The operator initiates the sending of an appropriate management 
instruction from the Management Console 7. The instruction contains the identity of 
the application to be controlled, and the action to be taken. The instruction is 
cryptographically signed to authenticate the instruction, and is passed to the 

30 Management Server 6 which relays the instruction to the MSG of the network 1 in the 
payload of an SMS message (NB. where the instruction length exceeds the maximum 
payload of an SMS message, the instruction may be segmented and sent in two or more 
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"concatenated" SMS messages). The header of the SMS payload contains the telephone 
number of the destination device 1. 



The network 1 causes the SMS message to be delivered to the device 1. Following 
5 acceptance of the message by the device user, the management instruction contained in 
the SMS message is passed to the management agent. The management agent first 
authenticates the instruction (using the cryptographic signature), and then analyses the 
instruction and acts accordingly, i.e. to activate or deactivate an application resident in 
the device's memory. 

10 

It will be appreciated that the mechanism described here allows operators and software 
vendors to maintain control over who may use their software, and moreover allows this 
to be achieved in an extremely flexible manner. For example, users may be charged a 
licence fee for a fixed time period and, after that time has expired and the user has not 
1 5 renewed the licence, the software in the user's device may be inhibited. 



A similar mechanism may be used to update an application of the device 2, or to update 
data associated with an application. Consider for example an anti-virus application 
installed and active on the device 2. Typically, anti-virus applications rely upon 

20 previously identified virus signatures to identify viruses in scanned data. These 
signatures are stored in a database. Database updates may be sent from the 
Management Centre 5 to the wireless device 2 in a management instruction (using SMS 
messages), where they are received by the management agent. After authentication of 
the instruction, the management agent proceeds to update the virus signature database in 

25 the memory of the device 2. The anti-virus software itself may be updated using a 
similar mechanism. 



An important function of the management agent is that of reporting to the Management 
Centre 5. The management agent may report for example the successful installation of 
30 a new application, or the failure of an instructed installation. This allows the 
Management Centre 5 to maintain an accurate record of the status of a mobile device. 
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In the above examples, the Management Centre 4 "pushes" information and data to the 
wireless devices. Where the volume of data to be sent from the Management Centre 5 
is large, an SMS message may be used as a trigger for establishing some other bearer 
channel having a greater bandwidth and via which data may be "pulled" to a wireless 
5 device. For example, in the case of an application or data update, a trigger SMS 
message may be sent from the Management Centre 5, asking the subscriber to establish 
a data call to the Management Server 6. Once this connection is established, the update 
can be downloaded to the device 1 . 

10 Figure 3 is a flow diagram further illustrating the main steps in a method of remotely 
managing applications of a wireless device using the management agent concept. 

It will be appreciated by the person of skill in the art that various modifications may be 
made to the above described embodiments without departing from the scope of the 

15 present invention. For example, in the system described the management centre 5 is 
located within the PLMN 1 (or at least is controlled by the operator of the PLMN 1). 
However, the Management Centre 5 may instead be operated by a third party, for 
example the vendor of application software or by some independent service provider 
who may charge users and/or application vendors a commission. In some cases, the 

20 Management Console 7 may be operated by a third party with the Management Server 6 
being operated by the PLMN operator. In another modification to the above described 
embodiment, the management agent may be incorporated into the device operating 
system (EPOC, WindowsCE™, etc), rather than being a standalone application. 
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1 . A method of managing a wireless device, the method comprising: 

installing a management agent in a memory of the wireless device, the installed 
5 management agent monitoring the status of the device and of applications installed on 
the device; 

sending management instructions to the mobile device using a wireless 
telecommunications network; 

receiving the management instructions at the device, the management agent 
10 processing the instructions and managing the applications accordingly. 



2. A method according to claim 1, wherein the management agent causes reports to 
be sent back to the origin of the management instructions following the processing of 
these instructions. 

3. A method according to claim 1 or 2, wherein the wireless device is operated by a 
subscriber to said wireless telecommunications network, which network is a digital 
cellular telecommunications network. 



20 4. A method according to any one of the preceding claims, wherein the application 
programs installed on the device may in an active or inactive state, and a switch in the 
state of a given application is achieved by sending an appropriate management 
instruction from the network to the device, whereupon the management agent acts on 
the instruction to implement said switch. 

25 

5. A method according to any one of the preceding claims, wherein the step of 
sending management instructions to the mobile device comprises sending these 
instructions from a management centre of the telecommunications network. 



30 



6. A method according to any one of claims 1 to 4, wherein management 
instructions are sent to the wireless device from an authorised third party management 
centre. 
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7. A method according to any one of the preceding claims, wherein an anti- virus 
application program is installed in the wireless device and is switched on or off by a 
management instruction sent from the network to the device. 

5 8. A method according to any one of the preceding claims, wherein the 
management agent controls the installation of applications downloaded from the 
network to the wireless device. 

9. A method according to any one of the preceding claims, wherein the 
10 management agent controls the modification of an application or of data associated with 

an application following the downloading of modifications from the network. 

10. A method according to any one of the preceding claims, wherein the 
management agent sends monitored application status information to the 

1 5 telecommunications network. 

11. A method according to any one of the preceding claims, wherein the network is 
a GSM or UMTS network and said management instructions are sent from the network 
to the mobile device using the Short Message Service (SMS) or Unstructured 

20 Supplementary Services Data (USSD) messages. 

12. A method according to any one of the preceding claims, wherein in order to 
ensure a secure connection on top of an open bearer service management instructions 
are cryptographically signed. 

25 

13. A wireless device arranged to communicate with a wireless telecommunication 
network, the device comprising: 

a memory storing a management agent and one or more applications; 
processing means for running the management agent to monitor the status of 
30 applications installed on the device; and 

receiving means for receiving management instructions, sent from the network, 
and for passing these to the management agent, 
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the management agent being arranged to process the instructions and manage the 
applications accordingly. 



5 



14. A device according to claim 13, wherein the device is a mobile telephone, 
communicator, PDA, palmtop computer, or laptop computer. 
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Figure 1 
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